Load a few log lines into a single row in Elastic

I'm new to the ELK stack. My task is to load an Asterisk log file into Elasticsearch online (whenever the file gets changed).
Generally every line in the log is a row in a DB, but I want a few lines to be converted to a single row in Elastic, grouped by one parameter. Is there a way to do so? Could you send me information or links to tutorials about the subject?

The main question is how you get the log files into Elasticsearch. If you are using Logstash or Filebeat, take a look at these links:

https://www.elastic.co/guide/en/logstash/7.1/multiline.html
https://www.elastic.co/guide/en/beats/filebeat/7.1/multiline-examples.html

If you are using your own ingestion mechanism, you might need to extend that one or potentially switch to using Filebeat or Logstash.
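For the "own ingestion mechanism" case, here is an added example (not part of the thread) that groups interleaved log lines by one parameter into a single document per value, which multiline settings alone do not do because they only join consecutive lines. The line layout, the `C-...` call ID as the grouping key, the field names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import OrderedDict

# Assumed layout (constructed, adjust to the real file):
# [timestamp] LEVEL[pid][C-callid] source: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\[\d+\]"
    r"(?:\[(?P<call_id>C-[0-9a-f]+)\])?\s+(?P<msg>.*)$"
)

SAMPLE_LINES = [  # constructed sample input, two calls interleaved
    "[2019-06-01 10:00:00] VERBOSE[1201][C-0000000a] pbx.c: Executing Dial",
    "[2019-06-01 10:00:01] VERBOSE[1207][C-0000000b] pbx.c: Executing Answer",
    "[2019-06-01 10:00:02] WARNING[1201][C-0000000a] chan_sip.c: Retransmission timeout",
    "    continuation of the previous warning",
    "[2019-06-01 10:00:03] NOTICE[1100] chan_sip.c: Registration failed",
    "[2019-06-01 10:00:04] VERBOSE[1207][C-0000000b] pbx.c: Hangup",
]


def new_doc(call_id, ts):
    """Empty document (one Elasticsearch row) for a call ID or a lone line."""
    return {"call_id": call_id, "first_ts": ts, "last_ts": ts,
            "levels": [], "messages": []}


def group_by_call_id(lines):
    """One document per call ID; lines without a call ID stay one per document."""
    calls, singles = OrderedDict(), []
    last = None  # document that received the most recently parsed line
    for raw in lines:
        m = LINE_RE.match(raw)
        if m is None:
            # No timestamp prefix: continuation of the previous event.
            if last is not None:
                last["messages"][-1] += "\n" + raw.strip()
            continue
        call_id = m.group("call_id")
        if call_id is None:
            last = new_doc(None, m.group("ts"))
            singles.append(last)
        else:
            last = calls.setdefault(call_id, new_doc(call_id, m.group("ts")))
        last["last_ts"] = m.group("ts")
        last["levels"].append(m.group("level"))
        last["messages"].append(m.group("msg"))
    return list(calls.values()) + singles
```

Each returned dictionary can be indexed as one document. Using the call ID as the document `_id` lets a later run over a grown file overwrite the same row instead of creating duplicates.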
